There are several potential use cases for this keyword:
: Instead of exposing the camera directly to the web, access it through a secure, private network.
For Axis devices specifically, other common dorks include: inurl indexframe shtml axis video serveradds 1l 2021
In 2021, security researchers identified multiple Axis video servers vulnerable to:
To understand the risk, we need to look at how these devices were built. Older Axis cameras and video servers run a stripped-down, embedded Linux operating system. The web interface that a user sees to view video and change settings is a collection of .shtml files (Server-parsed HTML), with indexframe.shtml acting as the main frame that loads the entire interface. There are several potential use cases for this
: Papers on OSINT techniques use these strings as examples of how attackers or researchers locate IoT (Internet of Things) devices without needing to hack into a network [2, 3].
When we talk about "inurl indexframe shtml axis video server," we are essentially referring to a specific type of search query or URL structure that might lead to the configuration or monitoring pages of an Axis video server. This could involve accessing the index frame or main page of a web-based interface used for configuring or viewing video feeds from Axis cameras or servers. The web interface that a user sees to
If you own an Axis video server or network camera, you should take steps to ensure it isn't "dorkable" by following the AXIS OS Hardening Guide Change Default Passwords
: Compromised devices can be recruited into botnets (e.g., Mirai variants) to launch distributed denial-of-service (DDoS) attacks.
Devices discovered via inurl:indexframe.shtml axis video server presented several risks: